I think I'm getting attacked


DrGitnz

Hello. So I've been having issues with my internet. First you should know that I live in a multi-family house with internet provided. I have the routers in my room. I have the Xfinity router which I connect to and also I have a Linksys router for everyone else in the house. I am still very much learning all of this. I run Wireshark from time to time when there seems to be a problem, and have to google most of it to figure it out. I ran an intense scan on the Xfinity router from Nmap and it returned this. Any help would be appreciated.

 fingerprint-strings:
|   GetRequest:
|     HTTP/1.0 200 OK
|     Content-type: text/html
|     X-robots-tag: noindex,nofollow
|     X-Frame-Options: deny
|     X-XSS-Protection: 1; mode=block
|     X-Content-Type-Options: nosniff
|     Strict-Transport-Security: max-age=15768000; includeSubdomains
|     Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; connect-src 'self'; object-src 'none'; media-src 'none'; script-nonce 'none'; plugin-types 'none'; reflected-xss 'none'; report-uri 'none';
|     Content-Length: 9105
|     Date: Fri, 11 Mar 2022 09:34:52 GMT
|     Server: Xfinity Broadband Router Server
|     Connection: close
|     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
|   HTTPOptions:
|     HTTP/1.0 200 OK
|     Content-type: text/html
|     X-robots-tag: noindex,nofollow
|     X-Frame-Options: deny
|     X-XSS-Protection: 1; mode=block
|     X-Content-Type-Options: nosniff
|     Strict-Transport-Security: max-age=15768000; includeSubdomains
|     Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; connect-src 'self'; object-src 'none'; media-src 'none'; script-nonce 'none'; plugin-types 'none'; reflected-xss 'none'; report-uri 'none';
|     Content-Length: 9105
|     Date: Fri, 11 Mar 2022 09:34:54 GMT
|     Server: Xfinity Broadband Router Server
|     Connection: close
|_    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: XFINITY
|_http-server-header: Xfinity Broadband Router Server
|_http-favicon: Unknown favicon MD5: 1939FBE51A7E908A3EEE495779E5FC3E
443/tcp open     ssl/https Xfinity Broadband Router Server
| ssl-cert: Subject: commonName=myrouter.io/organizationName=Comcast Corporation/stateOrProvinceName=Pennsylvania/countryName=US
| Subject Alternative Name: DNS:myrouter.io
| Issuer: commonName=COMODO RSA Organization Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2021-01-07T00:00:00
| Not valid after:  2022-01-07T23:59:59
| MD5:   a9d9 fd3b 6f57 2ec4 9f4c e709 1380 ce88
|_SHA-1: 1eca 6fac 76a1 74a4 9a4d f6ce c0b8 d908 c645 acba
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.0 200 OK
|     Content-type: text/html
|     X-robots-tag: noindex,nofollow
|     X-Frame-Options: deny
|     X-XSS-Protection: 1; mode=block
|     X-Content-Type-Options: nosniff
|     Strict-Transport-Security: max-age=15768000; includeSubdomains
|     Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; connect-src 'self'; object-src 'none'; media-src 'none'; script-nonce 'none'; plugin-types 'none'; reflected-xss 'none'; report-uri 'none';
|     Content-Length: 9105
|     Date: Fri, 11 Mar 2022 09:34:57 GMT
|     Server: Xfinity Broadband Router Server
|     Connection: close
|     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
|   HTTPOptions:
|     HTTP/1.0 200 OK
|     Content-type: text/html
|     X-robots-tag: noindex,nofollow
|     X-Frame-Options: deny
|     X-XSS-Protection: 1; mode=block
|     X-Content-Type-Options: nosniff
|     Strict-Transport-Security: max-age=15768000; includeSubdomains
|     Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; connect-src 'self'; object-src 'none'; media-src 'none'; script-nonce 'none'; plugin-types 'none'; reflected-xss 'none'; report-uri 'none';
|     Content-Length: 9105
|     Date: Fri, 11 Mar 2022 09:34:59 GMT
|     Server: Xfinity Broadband Router Server
|     Connection: close
|_    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
|_ssl-date: TLS randomness does not represent time
|_http-server-header: Xfinity Broadband Router Server


Don't just post stuff and suggest that you think you are attacked. Provide specific information on why you think you are attacked. What proof do you think you have that you classify as suspicious? Not just a bunch of text, but exactly what in that output says that you are under some form of attack? What issues do you experience that lead you to try to investigate it further?

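An added example, not part of any post in this thread: a Python sketch that reduces the pasted Nmap script output to the facts it actually contains, namely the listed service and whether the certificate was inside its validity window at the time the router reported. It assumes the `ssl-cert` dates are UTC and uses only lines excerpted from the output above.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Lines excerpted verbatim from the Nmap output posted above.
SAMPLE = """\
443/tcp open     ssl/https Xfinity Broadband Router Server
| ssl-cert: Subject: commonName=myrouter.io/organizationName=Comcast Corporation/stateOrProvinceName=Pennsylvania/countryName=US
| Not valid before: 2021-01-07T00:00:00
| Not valid after:  2022-01-07T23:59:59
|     Date: Fri, 11 Mar 2022 09:34:57 GMT
|_http-server-header: Xfinity Broadband Router Server
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)")
FIELD_RE = re.compile(r"^\|[_ ]?\s*([A-Za-z][\w -]*?):\s+(.*)$")


def summarize(text):
    """Reduce Nmap script output to open services and certificate validity."""
    ports, fields = [], {}
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())  # keep first occurrence

    # Assumption: the ssl-cert dates are UTC (the output carries no zone).
    def utc(key):
        return datetime.fromisoformat(fields[key]).replace(tzinfo=timezone.utc)

    not_before, not_after = utc("Not valid before"), utc("Not valid after")
    # The Date header is the router's own clock at scan time, not a trusted time source.
    seen = parsedate_to_datetime(fields["Date"])
    return {
        "ports": ports,
        "server": fields.get("http-server-header"),
        "cert_valid_at_scan": not_before <= seen <= not_after,
        "days_past_expiry": max((seen - not_after).days, 0),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Everything in the summary is a banner or a certificate field; the scan output carries no traffic or event data.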

So, let me guess. You have two routers, connected to each other, where you use one, and others run on the other router, and now you're having problems with unstable internet / lag / dropping connections?

And, you think you're under attack, and run an Nmap scan on the router, aaaand come up with the babble you posted..
There's nothing in there that suggests you're under attack. It's misconfigured internet on equipment not up for the task.

Don't run two routers plugged into each other, unless you know what you're doing and can configure them properly, taking into account subnetting, IP-range, DNS and so on.
Get a Mikrotik router, to replace the two you have, configure each port as its own separate subnet, and configure firewalls and pinholes as needed, and you're done.

Relax, you're likely NOT under attack 😉

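An added example, not part of any post in this thread: a Python check of an addressing plan for the points the reply above lists (subnetting, IP range, DNS). Both plans, including every segment name and address, are constructed for illustration; the thread gives no real addresses.

```python
import ipaddress
from itertools import combinations

# Constructed plan: two routers cascaded, both left on the same LAN range.
CASCADED = {
    "xfinity-lan": {"net": "10.0.0.0/24", "gateway": "10.0.0.1", "dns": "10.0.0.1"},
    "linksys-lan": {"net": "10.0.0.0/24", "gateway": "10.0.0.1", "dns": "10.0.0.1"},
}
# Constructed plan: one router, each port on its own subnet.
PER_PORT = {
    "port2-me": {"net": "192.168.10.0/24", "gateway": "192.168.10.1", "dns": "192.168.10.1"},
    "port3-house": {"net": "192.168.20.0/24", "gateway": "192.168.20.1", "dns": "192.168.20.1"},
}


def audit_plan(plan):
    """Return a list of addressing problems found in a segment plan."""
    findings = []
    nets = {name: ipaddress.ip_network(seg["net"]) for name, seg in plan.items()}
    for name, seg in plan.items():
        net = nets[name]
        gw = ipaddress.ip_address(seg["gateway"])
        # The gateway must be a usable host address inside its own segment.
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: gateway {gw} is not a usable host in {net}")
        # Simplification: a private resolver must sit in one of the planned subnets.
        dns = ipaddress.ip_address(seg["dns"])
        if dns.is_private and not any(dns in n for n in nets.values()):
            findings.append(f"{name}: DNS server {dns} is in no defined subnet")
    # Overlapping ranges make routing between the segments ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap ({na} vs {nb})")
    return findings


if __name__ == "__main__":
    for label, plan in (("cascaded", CASCADED), ("per-port", PER_PORT)):
        print(label, audit_plan(plan) or "no findings")
```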
